search

vercel / next.js

The React Framework
https://nextjs.org
MIT License
126.74k stars 26.94k forks source link

"use cache" crashes if it contains tainted values #71977

Open mordechaim opened 4 days ago

mordechaim commented 4 days ago

Link to the code that reproduces this issue

https://github.com/mordechaim/next-repro-cache-taint

To Reproduce

  1. Start the application
  2. See the error on page load

Current vs. Expected behavior

Current behavior The cache errors with the message passed to taintUniqueValue: image

This error is also present while building the project:

Error while saving cache key: ["rKc0nlkGUlH9QFhckQS1H","8087fac4d5a350d79685366b3e238ee36c2ce46a",[]] Error: Don't pass the password to the client

Expected behavior Since cache is server-side only, we should be able to cache tainted values.

Provide environment information

Operating System:
  Platform: win32
  Arch: x64
  Version: Windows 10 Home
  Available memory (MB): 32674
  Available CPU cores: 8
Binaries:
  Node: 22.9.0
  npm: N/A
  Yarn: N/A
  pnpm: N/A
Relevant Packages:
  next: 15.0.2-canary.9 // Latest available version is detected (15.0.2-canary.9).
  eslint-config-next: N/A
  react: 19.0.0-rc-1631855f-20241023
  react-dom: 19.0.0-rc-1631855f-20241023
  typescript: 5.3.3
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

Not sure

Which stage(s) are affected? (Select all that apply)

next dev (local), next build (local)

Additional context

No response

samcx commented 3 days ago

@mordechaim Thank you for submitting an issue!

I will be sharing this with our team. We will get back to you when we have an update!